openvpn p2p

vladimir simeonov
12/02/2017

generate the secret and copy it to all peers:

openvpn --genkey --secret /etc/openvpn/keys/p2p-secret.key

target:

port 5500
proto udp
dev tun200
ifconfig 172.17.4.1 172.17.4.2
secret keys/p2p-secret.key
comp-lzo

cipher AES-256-CBC
script-security 2

status /var/log/openvpn-status.log

log /var/log/openvpn.log

 

initiator:

dev tun
proto udp

remote blog.it-training.pro 5500
ifconfig 172.17.4.6 172.17.4.5
port 5500
nobind

user openvpn
group openvpn

persist-key
persist-tun

secret keys/p2p-secret.key
cipher AES-256-CBC

comp-lzo

verb 3

 

VyOS initiator:

set interfaces openvpn vtun9
set interfaces openvpn vtun9 local-address 172.17.4.6
set interfaces openvpn vtun9 remote-address 172.17.4.5
set interfaces openvpn vtun9 remote-host blog.it-training.pro
set interfaces openvpn vtun9 encryption aes256
set interfaces openvpn vtun9 openvpn-option 'comp-lzo'
set interfaces openvpn vtun9 local-port 5500
set interfaces openvpn vtun9 remote-port 5500
set interfaces openvpn vtun9 mode site-to-site

#manually upload the secret file to the /config/auth location
set interfaces openvpn vtun9 shared-secret-key-file /config/auth/p2p-secret.key
commit;save

typical day of a site owner

vladimir simeonov
12/02/2017
IP | Client | Last visited page | Referrer | Last click | Action
116.0.23.202 | Guests | http://online.it-training.pro/blog/wp-admin/ | | 12/02/2017 08:11:34 |
151.236.51.76 | Guests | http://online.it-training.pro/wordpress/wp-admin/ | | 12/02/2017 08:01:14 |
188.165.156.243 | Guests | http://online.it-training.pro/test/wp-admin/ | | 12/02/2017 07:51:26 |
5.61.27.86 | Guests | http://online.it-training.pro/wp-admin/ | | 12/02/2017 07:41:15 |
2804:07f1:1280:8bba:28f4:b996:ee6f:b7c3 | Guests | http://online.it-training.pro/ | | 12/02/2017 07:40:57 |
50.63.196.156 | Guests | http://online.it-training.pro/old/wp-admin/ | | 12/02/2017 07:22:51 |
62.173.147.193 | Guests | http://online.it-training.pro/wp/wp-admin/ | | 12/02/2017 07:12:50 |

mysql my.cnf

vladimir simeonov
05/02/2017

For a high traffic site which is database intensive and has a dedicated 16GB server for running mysql, my.cnf should look something like this:

[mysqld]
datadir=/var/lib/mysql
tmpdir=/var/lib/mysqltmp
socket=/var/lib/mysql/mysql.sock
skip-locking
skip-name-resolve
table_cache=2048
thread_cache_size=32
back_log=100
max_connect_errors=10000
open-files=10000
interactive_timeout=400
wait_timeout=300
max_connections=500
skip-bdb
log-slow-queries=/var/lib/mysqllogs/slow-log
long_query_time=2
log-queries-not-using-indexes
max_allowed_packet=128M
tmp_table_size=256M
max_heap_table_size=256M
query_cache_size=32M
query_cache_limit = 6M
sort_buffer_size=4M
read_buffer_size=4M
read_rnd_buffer_size=16M
join_buffer_size=2M
default-storage-engine=InnoDB
key_buffer_size=128M
myisam_sort_buffer_size=64M
innodb_log_file_size=100M
innodb_buffer_pool_size=6G
innodb_additional_mem_pool_size=20M
innodb_support_xa = 0
[mysql.server]
user=mysql
[mysqld_safe]

JunOS 2 ISP with dynamic routing and VRF

vladimir simeonov
03/02/2017

issue: the backup ISP WAN link is not usable since there’s no reverse route via that interface.

option 1: use VRF

option 2: unexplored

option 1 settings:

set routing-instances vrf1 instance-type virtual-router
set routing-instances vrf1 interface ge-0/0/0.0
set routing-instances vrf1 interface ge-0/0/1.0
set routing-instances vrf1 interface ge-0/0/2.0
set routing-instances vrf1 routing-options instance-import import-from-vrf2
set routing-instances vrf2 instance-type virtual-router
set routing-instances vrf2 interface ge-0/0/3.0
set routing-instances vrf2 interface ge-0/0/4.0
set routing-instances vrf2 interface ge-0/0/5.0
set routing-instances vrf2 interface ge-0/0/6.0
set routing-instances vrf2 routing-options instance-import import-from-vrf1
set policy-options policy-statement import-from-vrf1 term 1 from instance vrf1
set policy-options policy-statement import-from-vrf1 term 1 then accept
set policy-options policy-statement import-from-vrf2 term 1 from instance vrf2
set policy-options policy-statement import-from-vrf2 term 1 from protocol static route-filter 0.0.0.0/0 exact
set policy-options policy-statement import-from-vrf2 term 1 then reject
set policy-options policy-statement import-from-vrf2 term 2 from instance vrf2
set policy-options policy-statement import-from-vrf2 term 2 then accept

set policy-options policy-statement vrf1-ospf-export term 2 from route-filter 10.8.244.0/24 exact
set policy-options policy-statement vrf1-ospf-export term 2 then accept

chan_dongle with asterisk 13.x

vladimir simeonov
28/01/2017

Found this on the internet: how to compile and run it with version 13.x

git clone https://github.com/wdoekes/asterisk-chan-dongle.git
cd asterisk-chan-dongle
aclocal && autoconf && automake -a
./configure --with-astversion=130700
make
make install
cp etc/dongle.conf /etc/asterisk/
lsusb
emerge sys-apps/usb_modeswitch
chown asterisk:asterisk /dev/ttyUSB*
/etc/init.d/asterisk restart

nginx with fastcgi behind haproxy real client IP

vladimir simeonov
24/01/2017

just add:

fastcgi_param REMOTE_ADDR $http_x_forwarded_for;

in the nginx.conf for your site and web apps will see the real IP of the client.
It works where apps use only http_client_ip and ignore X-Forwarded-For, which is
sent correctly by the upstream haproxy forwarder.
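
$http_x_forwarded_for is the raw request header: a client can pre-fill it, and it may hold a comma-separated list in which only the entry appended by your own proxy is reliable. The following is an added example, not part of the original post, of the selection rule a backend should apply before treating the value as REMOTE_ADDR; the proxy address 10.8.4.9 and the sample client addresses are constructed.

```shell
#!/bin/sh
# Added example: choose the client address from X-Forwarded-For.
# Trusted proxies are matched by exact address (no CIDR) to keep it short.

# is_trusted ADDR PROXY...  -> exit 0 when ADDR is one of the proxies
is_trusted() {
    addr=$1
    shift
    for proxy in "$@"; do
        if [ "$addr" = "$proxy" ]; then
            return 0
        fi
    done
    return 1
}

# client_ip_from_xff PEER XFF PROXY...
#   PEER  address of the TCP connection that reached the web server
#   XFF   raw X-Forwarded-For value (may be empty or a comma list)
#   PROXY addresses of your own forwarders
client_ip_from_xff() {
    peer=$1
    rest=$2
    shift 2
    candidate=$peer

    # The header only means something when our own proxy delivered it.
    if ! is_trusted "$peer" "$@"; then
        printf '%s\n' "$peer"
        return 0
    fi

    # Walk the list right to left: the rightmost entries were appended by
    # our proxies, anything further left was supplied by the client.
    while [ -n "$rest" ]; do
        case $rest in
            *,*) hop=${rest##*,}; rest=${rest%,*} ;;
            *)   hop=$rest; rest= ;;
        esac
        hop=$(printf '%s' "$hop" | tr -d ' \t')
        case $hop in
            ''|*[!0-9A-Fa-f.:]*) break ;;   # not an address: stop here
        esac
        candidate=$hop
        is_trusted "$hop" "$@" || break     # first untrusted hop = client
    done
    printf '%s\n' "$candidate"
}

# Constructed sample: the client pre-filled 198.51.100.99, haproxy on
# 10.8.4.9 appended the address it really saw, 203.0.113.7.
client_ip_from_xff 10.8.4.9 '198.51.100.99, 203.0.113.7' 10.8.4.9
```

Inside nginx the same rule is applied by ngx_http_realip_module (set_real_ip_from with the proxy address, real_ip_header X-Forwarded-For), which rewrites $remote_addr only for requests arriving from the listed proxies.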

mysql-backup.sh with GPG encryption

vladimir simeonov
13/01/2017
#!/bin/bash
#
#
# purpose: create mysql backup for all db's
# has to have nagios-plugins installed
# has to have GPG key already generated

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

INIT_CHECK () {

if [ "`id -u`" -gt "0" ]; then
 echo "Run script as SuperUser (root), please..."
 exit 1
 fi

}

# run the check, otherwise the function above is never used
INIT_CHECK


# Hostname
MyHOST="localhost"
MyUSER=''
MyPASS=''
# Servername
SERVER="$HOSTNAME"
# mysqldump options
MYSQLDUMPOPTS="--opt"

# Linux bin paths, change this if it can't be autodetected via which command
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
CHOWN="$(which chown)"
CHMOD="$(which chmod)"
GZIP="$(which gzip)"

# Backup Dest directory, change this if you have someother location
DEST="/var/backups"

# Main directory where backup will be stored
MBD="$DEST/mysql"

# Get date in yyyy-mm-dd-HH-MM format
NOW="$(date +"%Y-%m-%d-%H-%M")"

#Backup file-name
FNAME="mysql-backup-encrypted-$NOW"
# File to store current backup file
FILE=""

if [ -n "$MyUSER" ] && [ -n "$MyPASS" ]; then
 # note: a password passed with -p is visible in the process list
 MyLOGINOPTS="-u $MyUSER -p$MyPASS"
else
 MyLOGINOPTS=""
fi
# Store list of databases
DBS=""

#working dir
TMP="/srv/tmp/$NOW"

#Number of archives to keep
n=7
# DO NOT BACKUP these databases
IGGY="information_schema performance_schema"


[ ! -d "$MBD" ] && mkdir -p "$MBD" || :
[ ! -d "$TMP" ] && mkdir -p "$TMP" || :
# Only root can access it! (directories need the execute bit, hence 700)
$CHOWN -R root:root $DEST
$CHMOD 700 $DEST


#remove old
for l in $(find $MBD -maxdepth 1 -type f -name 'mysql-backup*tar.gz*' | sort | head -n -$n); do
 rm -f $l
done

#check for freespace
/usr/lib64/nagios/plugins/check_disk -w 70 -c 90 / 1>/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
 echo "MySQL Backup Aborted! Disk Space low!" | sendmail -t [email protected]
 exit 100
fi

# Get all database list first
DBS="$($MYSQL -h $MyHOST $MyLOGINOPTS -Bse 'show databases')"

for db in $DBS
do
 skipdb=-1
 if [ "$IGGY" != "" ];
 then
 for i in $IGGY
 do
 [ "$db" == "$i" ] && skipdb=1 || :
 done
 fi

if [ "$skipdb" == "-1" ] ; then
 FILE="$db.$SERVER.$NOW.sql"
 # do it all in one job in a pipe:
 # connect to mysql using mysqldump for the selected database
 # and pipe it straight into gpg, writing the encrypted dump to the working dir
 $MYSQLDUMP -h $MyHOST $MyLOGINOPTS $MYSQLDUMPOPTS $db | gpg --output $TMP/$FILE.gpg --encrypt --recipient [email protected] 1>/dev/null
 fi
done
tar czvf $MBD/$FNAME.tar.gz $TMP 1> /dev/null
rm -r $TMP
# the weekly directory has to exist before the copy
mkdir -p $MBD/weekly/$(date +%W)
cp -p $MBD/$FNAME.tar.gz $MBD/weekly/$(date +%W)/full-mysql-encrypted.tar.gz
scp -i "/root/.ssh/sshkey" $MBD/$FNAME.tar.gz [email protected]:/var/backups/$HOSTNAME/latest-full-mysql-encrypted.tar.gz 2>/dev/null 1>/dev/null
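
In the script above the exit status of `mysqldump | gpg` is gpg's alone, so a dump that dies halfway still leaves an encrypted file that looks like a good backup. The following is an added example, not part of the original script, of the same pipe with the dump status checked and the file published only on success; the function name `backup_db`, the `.part`/`.status` suffixes and the recipient placeholder are assumptions.

```shell
#!/bin/sh
# Added example: dump | encrypt where a failed dump cannot pass as a backup.
# MYSQLDUMP and GPG may be overridden (the test does so with stand-ins);
# RECIPIENT is a placeholder, use the key the backups are encrypted to.
MYSQLDUMP=${MYSQLDUMP:-mysqldump}
GPG=${GPG:-gpg}
RECIPIENT=${RECIPIENT:-backup@example.invalid}

# backup_db DB OUTFILE
#   returns 0 and creates OUTFILE only when both the dump and the
#   encryption succeeded and the result is not empty
backup_db() {
    db=$1
    out=$2
    part=$out.part        # written first, renamed only on success
    status=$out.status    # carries mysqldump's exit code out of the pipe

    old_umask=$(umask)
    umask 077             # files are created readable by the owner only

    enc_rc=0
    {
        dump_rc=0
        "$MYSQLDUMP" --opt "$db" || dump_rc=$?
        echo "$dump_rc" > "$status"
    } | "$GPG" --batch --yes --output "$part" \
               --encrypt --recipient "$RECIPIENT" || enc_rc=$?

    umask "$old_umask"

    # a missing status file counts as a failed dump
    dump_rc=$(cat "$status" 2>/dev/null || echo 1)
    rm -f "$status"

    if [ "$dump_rc" -eq 0 ] && [ "$enc_rc" -eq 0 ] && [ -s "$part" ]; then
        mv "$part" "$out"
        return 0
    fi

    # never leave a truncated archive behind for the retention loop or scp
    rm -f "$part"
    return 1
}

# usage inside the per-database loop of the script:
#   backup_db "$db" "$TMP/$FILE.gpg" || echo "dump of $db failed" >&2
```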

HAProxy Load Balancer with Failover for Exchange 2013

vladimir simeonov
23/04/2014

1. setup ubuntu 12.04 LTS

2. update the setup to the latest package versions

apt-get update

aptitude full-upgrade

3. install packages

aptitude install spread nfs-client libspread1 libspread1-dev libperl-dev dpatch flex bison autotools-dev cdbs

4. build haproxy

apt-get install haproxy

apt-get build-dep haproxy

sed -i -e "s/\/usr\/sbin\/haproxy/\/usr\/local\/sbin\/haproxy/" /etc/init.d/haproxy

dpkg -r haproxy

cd /usr/src

wget http://haproxy.1wt.eu/download/1.5/src/snapshot/haproxy-ss-LATEST.tar.gz

tar xzfv haproxy-ss-LATEST.tar.gz 

cd haproxy-ss-*/

make DESTDIR=debian/haproxy \
     PREFIX=/usr \
     IGNOREGIT=true \
     MANDIR=/usr/share/man \
     DOCDIR=/usr/share/doc/haproxy \
     USE_PCRE=1 \
     USE_OPENSSL=1 \
     TARGET=linux26 \
     USE_LINUX_SPLICE=1 \
     USE_LINUX_TPROXY=1

make install

sed -i -e "s/ENABLED=0/ENABLED=1/" /etc/default/haproxy

sed -i -e "s/ENABLED=0/ENABLED=1/" /etc/default/spread

5. build wackamole

cd /usr/src

wget http://ftp.de.debian.org/debian/pool/main/w/wackamole/wackamole_2.1.1.orig.tar.gz

wget http://ftp.de.debian.org/debian/pool/main/w/wackamole/wackamole_2.1.1-3.1.diff.gz

tar xzfv wackamole_2.1.1.orig.tar.gz

gunzip wackamole_2.1.1-3.1.diff.gz

cd wackamole-2.1.1/

patch -p1 < ../wackamole_2.1.1-3.1.diff

cd /usr/src/

wget ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/wackamole-2.1.4.tar.gz

tar xzfv wackamole-2.1.4.tar.gz 

cd wackamole-2.1.4/

cp ../wackamole-2.1.1/config.sub .

./configure --with-cppflags=-I/usr/include \
        --with-ldflags=-L/usr/lib \
        --with-perl \
        --with-threads \
        --with-pid-dir=/var/run/wackamole

make

make install

cat <<'EOF' > /etc/init.d/wackamole
#!/bin/sh
### BEGIN INIT INFO
# Provides:          wackamole
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

# Wackamole init script
# June 2003
# Eric Dorland
# Based on spamassassin init script

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/wackamole
NAME=wackamole
SNAME=wackamole
DESC="Wackamole Virtual IP Daemon"
PIDFILE="/var/run/$NAME/$NAME.pid"
PNAME="wackamole"
DOPTIONS="-c /etc/wackamole.conf"

# Defaults - don't touch, edit /etc/default/wackamole
ENABLED=0
OPTIONS=""

test -x $DAEMON || exit 0

test -f /etc/default/wackamole && . /etc/default/wackamole

test "$ENABLED" != "0" || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --pidfile $PIDFILE \
                --name $PNAME --oknodo --startas $DAEMON \
            -- $OPTIONS $DOPTIONS

        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "

        start-stop-daemon --stop --pidfile $PIDFILE --name $PNAME --oknodo

        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --pidfile $PIDFILE --name $PNAME \
            --retry 5 --oknodo
        start-stop-daemon --start --pidfile $PIDFILE \
            --name $PNAME --oknodo --startas $DAEMON \
            -- $OPTIONS $DOPTIONS

        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$SNAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
EOF

cat <<EOF > /etc/default/wackamole
# Change to enable wackamole
ENABLED=1
# Options
OPTIONS=""
EOF

HAP-1/HAP-2:

/etc/haproxy/haproxy.cfg

defaults

  option  http-server-close  # set Connection: close to inspect all HTTP traffic

  option  dontlognull        # Do not log connections with no requests

  option  redispatch         # Try another server in case of connection failure

  option  contstats          # Enable continuous traffic statistics updates

  retries 3                  # Try to connect up to 3 times in case of failure 

  timeout connect 5s         # 5 seconds max to connect or to stay in queue

  timeout http-keep-alive 1s # 1 second max for the client to post next request

  timeout http-request 15s   # 15 seconds max for the client to send a request

  timeout queue 30s          # 30 seconds max queued on load balancer

  timeout tarpit 1m          # tarpit hold time

  backlog 10000              # Size of SYN backlog queue

frontend ft_exchange_https

  bind 10.8.4.9:443 name https ssl crt /etc/haproxy/ssl/my.pem crt /etc/haproxy/ssl/my2.pem

  mode http

  log global

  option httplog

  capture request header User-Agent len 64

  capture request header Host len 32

  log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[ssl_fc_sni]/%[ssl_fc_session_id]}\ %{+Q}r

  timeout client 25s

  maxconn 1000

  no option httpclose

  no option forceclose

  no option http-server-close

  http-request redirect scheme   https code 302 if !{ ssl_fc }

  http-request redirect location /owa/ code 302 if { hdr(Host) mail.example.com } { path / }

  use_backend bk_exchange_https if { ssl_fc_sni mail.example.com } # content switching based on SNI

  use_backend bk_exchange_https if { ssl_fc_sni autodiscover.example.com } # content switching based on SNI

  default_backend bk_exchange_https

backend bk_exchange_https

  stick-table type ip size 10240k expire 60m

  stick on src

  balance roundrobin

  mode http

  log global

  option httplog

  option forwardfor

  cookie JSESSIONID prefix

  default-server inter 3s rise 2 fall 3

  timeout server 120s

  server iron 10.8.4.4:443 maxconn 1000 weight 10 ssl verify none check

listen stats :8080

    mode http

    stats enable

    stats hide-version

    stats realm Haproxy\ Statistics

    stats uri /

    stats auth user:pass

frontend ft_exchange_pop3s

    mode tcp

    bind 10.8.4.9:995 name pop3s ssl crt /etc/haproxy/ssl/mail_example_com.pem

    default_backend bk_exchange_pop3s

backend bk_exchange_pop3s

  mode tcp

  balance roundrobin

  stick store-request src

  stick-table type ip size 200k expire 30m

  timeout server 200s

  server iron 10.8.4.4:995 maxconn 1000 weight 10 ssl verify none check

  

frontend ft_exchange_imaps

    mode tcp

    bind 10.8.4.9:993 name imaps ssl crt /etc/haproxy/ssl/mail_example_com.pem

    default_backend bk_exchange_imaps

backend bk_exchange_imaps

  mode tcp

  balance roundrobin

  stick store-request src

  stick-table type ip size 200k expire 30m

  timeout server 200s

  server iron 10.8.4.4:993 maxconn 1000 weight 10 ssl verify none check

/etc/wackamole.conf:

Spread = 4803

SpreadRetryInterval = 5s

Group = wack1

Control = /var/run/wackamole/wackamole.it

Prefer None

VirtualInterfaces {

        eth0:10.8.4.9/24

}

Arp-Cache = 60s

Notify {

        eth0:10.8.4.1/32

        eth0:10.8.4.0/24

        arp-cache

}

balance {

        AcquisitionsPerRound = all

        interval = 4s

}

mature = 5s

/etc/spread/spread.conf

Spread_Segment 10.8.4.9 {

       hap-1     10.8.4.109

       hap-2     10.8.4.110

}

EventLogFile = /var/log/spread.log

EventTimeStamp

asterisk/freepbx HA Failover cluster on top of heartbeat, pacemaker, nfs, drbd

vladimir simeonov
15/11/2013

These instructions are a compilation of various how-tos for building an asterisk failover cluster based on:

asterisk

freepbx

mysql

pacemaker

heartbeat

apache2

To make the installation easier to build and maintain, the overall architecture is split into 3 tiers, as shown in the diagram:

To build the mysql/nfs failover cluster (Tier 3), follow the instructions here:

http://myboot.lordofdeath.net/2013/02/part1-load-balancing-web-cluster-with.html

Steps for building the asterisk/freepbx failover cluster on Tier 2:

tier2-node1: 192.168.236.71

tier2-node2: 192.168.236.72

shared-IP: 192.168.236.66

t2-node1/t2-node2 –

/etc/hosts

127.0.0.1       localhost

192.168.236.71     t2-node1

192.168.236.72     t2-node2

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

t2-node1 –

/etc/network/interfaces

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet static

address 192.168.236.71

netmask 255.255.255.0

gateway 192.168.236.1

# dns-* options are implemented by the resolvconf package, if installed

dns-nameservers 192.168.236.1

t2-node2 –

/etc/network/interfaces

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet static

address 192.168.236.72

netmask 255.255.255.0

gateway 192.168.236.1

# dns-* options are implemented by the resolvconf package, if installed

dns-nameservers 192.168.236.1

Install the required packages:

t3-node1/t3-node2 –

apt-get install -y heartbeat pacemaker build-essential nfs-common

Configure Heartbeat:

cat <<EOF > /etc/heartbeat/ha.cf

logfacility daemon

keepalive 2

deadtime 15

warntime 5

initdead 120

udpport 694

bcast eth0

auto_failback on

node t2-node1

node t2-node2

use_logd yes

crm respawn

ping_group internal 192.168.236.1

deadping 12

EOF

Replace the addresses in the internal group with the addresses of a router or DNS server that will act as a witness in case the two nodes lose contact with each other but keep running ("split brain").

With a more specialised network configuration that forbids broadcasting, you may need to replace bcast eth0 with

ucast eth0 192.168.236.71

ucast eth0 192.168.236.72

t2-node2 only:

( echo -ne "auth 1\n1 sha1 "; \
dd if=/dev/urandom bs=512 count=1 | openssl md5 ) \
> /etc/ha.d/authkeys

chmod 600 /etc/ha.d/authkeys

service heartbeat start

Copy the generated key file to host t2-node2:

rsync -avzlH /etc/ha.d/authkeys t2-node2:/etc/ha.d/

t2-node1/t2-node2:

echo '192.168.235.66:/srv/nfs /srv    nfs     rw,soft,lock,intr 0 0' >> /etc/fstab

mount -a

Next come the instructions for installing Asterisk/FreePBX:

apt-get install -y build-essential linux-headers-`uname -r` openssh-server apache2 mysql-client bison flex php5 php5-curl php5-cli php5-mysql php-pear php-db php5-gd curl sox libncurses5-dev libssl-dev mpg123 libxml2-dev libnewt-dev sqlite3 libsqlite3-dev pkg-config automake libtool autoconf git subversion uuid uuid-dev

t2-node1-

mkdir -p /srv/apache2/conf

mkdir -p /srv/apache2/www

mkdir -p /srv/asterisk/conf

mkdir /srv/asterisk/dahdi

ln -s /srv/asterisk/dahdi /etc/dahdi

mv /etc/apache2/* /srv/apache2/conf/

rmdir /etc/apache2/

ln -s /srv/apache2/conf /etc/apache2

mv /var/www/index.html /srv/apache2/www/

rmdir /var/www

ln -s /srv/apache2/www /var/www

t2-node2-

rm -r /etc/apache2

ln -s /srv/apache2/conf /etc/apache2

rm -r /var/www

ln -s /srv/apache2/www /var/www

ln -s /srv/asterisk/dahdi /etc/dahdi

t2-node1/t2-node2-

pear install db

Install Dependencies for Google Voice

Install iksemel

cd /usr/src

wget https://iksemel.googlecode.com/files/iksemel-1.4.tar.gz

tar xf iksemel-1.4.tar.gz

cd iksemel-1.4

./configure

make

make install

Install and Configure Asterisk

Download Asterisk source files.

cd /usr/src

wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz

wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz

wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz

Compile and install DAHDI.

cd /usr/src

tar xvfz dahdi-linux-complete-current.tar.gz

cd dahdi-linux-complete-*

make all

make install

make config

mv /etc/dahdi/* /srv/asterisk/dahdi/

rmdir /etc/dahdi

ln -s /srv/asterisk/dahdi /etc/dahdi

Compile and install LIBPRI.

cd /usr/src

tar xvfz libpri-1.4-current.tar.gz

cd libpri-*

make

make install

Compile and install Asterisk

cd /usr/src

tar xvfz asterisk-11-current.tar.gz

cd asterisk-*

./configure

contrib/scripts/get_mp3_source.sh

make menuselect

make

make install

make config

adduser asterisk --disabled-password --no-create-home --gecos "Asterisk User"

Install and Configure FreePBX

Download and extract FreePBX.

export VER_FREEPBX=2.11

cd /usr/src

svn co http://www.freepbx.org/v2/svn/freepbx/branches/${VER_FREEPBX} freepbx

cd freepbx

t2-node1-

mkdir /srv/asterisk/lib

mv /etc/asterisk/* /srv/asterisk/conf/

rmdir /etc/asterisk

ln -s /srv/asterisk/conf /etc/asterisk

mv /var/lib/asterisk/* /srv/asterisk/lib

rmdir /var/lib/asterisk

ln -s /srv/asterisk/lib /var/lib/asterisk

mkdir /srv/asterisk/{run,log,spool}

rmdir /var/run/asterisk/

ln -s /srv/asterisk/run /var/run/asterisk

chown asterisk. /var/run/asterisk

chown -R asterisk. /etc/asterisk

mv /var/spool/asterisk/* /srv/asterisk/spool/

rmdir /var/spool/asterisk/

ln -s /srv/asterisk/spool /var/spool/asterisk

mv /var/log/asterisk/* /srv/asterisk/log/

rmdir /var/log/asterisk

ln -s /srv/asterisk/log /var/log/asterisk

chown -R asterisk. /var/{lib,log,spool}/asterisk

chown -R asterisk. /usr/lib/asterisk

chown -R asterisk. /srv/asterisk/

chown -R asterisk. /srv/apache2/www/

mv /etc/php5 /srv/

ln -s /srv/php5 /etc/php5

sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php5/apache2/php.ini

sed -i 's/\(APACHE_RUN_USER\|APACHE_RUN_GROUP\).*/\1=asterisk/' /etc/apache2/envvars

t2-node2-

rm -r /etc/asterisk/

ln -s /srv/asterisk/conf /etc/asterisk

rm -r /var/lib/asterisk

ln -s /srv/asterisk/lib /var/lib/asterisk

rmdir /var/run/asterisk/

ln -s /srv/asterisk/run /var/run/asterisk

rm -r /var/spool/asterisk/

ln -s /srv/asterisk/spool /var/spool/asterisk

rm -r /var/log/asterisk

ln -s /srv/asterisk/log /var/log/asterisk

mysql server (192.168.235.66):

export ASTERISK_DB_PW=amp109 

mysqladmin -u root create asterisk -p

mysqladmin -u root create asteriskcdrdb -p

mysql -u root asterisk -p < SQL/newinstall.sql 

mysql -u root asteriskcdrdb -p < SQL/cdr_mysql_table.sql

./install_amp --webroot /var/www/freepbx

amportal a ma installall

amportal a reload

ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3

cd /etc/asterisk

rm ccss.conf confbridge.conf features.conf sip.conf iax.conf logger.conf extensions.conf sip_notify.conf

t2-node1/t2-node2-

apt-get install sipsak ntp postfix

echo 'export OCF_ROOT="/usr/lib/ocf"' >> /etc/environment

cat <<EOF > /etc/apache2/sites-available/localhost
<VirtualHost 127.0.0.1:80>
  ServerName localhost
  <Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
  </Location>
</VirtualHost>
EOF

a2ensite localhost

Once the installation is complete, it is time to configure pacemaker.

t2-node1-

crm configure edit

node $id="733f9f25-58cd-486e-810c-b441fba7d61e" t2-node2
node $id="90f76594-4d7f-46d1-b094-cce7319da8ae" t2-node1
primitive ResourceMonitor ocf:pacemaker:ClusterMon \
        params pidfile="/var/run/crm_mon.pid" htmlfile="/var/tmp/crm_mon.html" extra_options="-T [email protected] -H localhost:25" \
        op monitor interval="10s" timeout="20s"
primitive P_APACHE ocf:heartbeat:apache \
        params configfile="/srv/apache2/conf/apache2.conf" httpd="/usr/sbin/apache2" statusurl="http://localhost/server-status" \
        op monitor interval="40s" \
        meta target-role="Started"
primitive P_IP ocf:heartbeat:IPaddr2 \
        params ip="192.168.236.66" cidr_netmask="24" nic="eth0" \
        op monitor interval="10s"
primitive p_asterisk ocf:heartbeat:asterisk \
        params user="asterisk" group="asterisk" realtime="true" \
        op monitor interval="10s" \
        meta target-role="Started"
group HAServices P_IP p_asterisk P_APACHE \
        meta target-role="Started"
colocation ASTERISK inf: p_asterisk P_IP
colocation WEB_SITE inf: P_APACHE P_IP
order START_ORDER inf: P_IP:start p_asterisk:start P_APACHE:start
property $id="cib-bootstrap-options" \
        dc-version="1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c" \
        cluster-infrastructure="Heartbeat" \
        expected-quorum-votes="1" \
        stonith-enabled="false" \
        no-quorum-policy="ignore"
rsc_defaults $id="rsc-options" \
        resource-stickiness="100"

The text in blue must not be changed! The address that has to be changed is shown in red!

 

mtel 3g ZTE dongle MF626 freebsd setup

vladimir simeonov
05/11/2013

Since there is almost no information on how to set up this dongle to work with mtel, I will quickly post a working solution. It is not based on the standard ppp, though, because I could not get the hang of it with mtel and ZTE specifically. The information is compiled from Russian forums and adapted for mtel. The ZTE MF6xx model in question is recognised successfully by ugen and uses the u3g driver.

The configuration is based on FreeBSD 9.1-rel amd64.

Since, as I said, the device is hard to get running with the ppp daemon, mpd5 will be used:

cd /usr/ports/net/mpd5; make install

echo 'mpd_enable="YES"' >> /etc/rc.conf

Two files are created:

/usr/local/etc/mpd5/mpd.conf

Code:

startup:
	# configure mpd users
	set user admin xxx admin
	# configure the console
	set console self 127.0.0.1 5005
	set console open
	log +all

default:
	load mtel

mtel:
	log +auth +bund +ccp +chat +echo +iface +ipcp +lcp +phys
	create bundle static mtel
	set bundle links B-Link
	set ipcp ranges 0.0.0.0/0 10.0.0.0/0
	set ipcp disable vjcomp
	create link static B-Link modem
	set link action bundle mtel
	set modem device /dev/cuaU1.2
	set modem speed 921600
	set modem watch -cd
	set modem watch -dsr
	set modem script dial-mtel
	set auth authname mtel
	set auth password mtel
	set link disable chap pap acfcomp protocomp
	set link keep-alive 6 60
	set link max-redial 0
	set iface route default
	open

Here, just replace /dev/cuaU1.2 with your interface to the ZTE. In my case it is 1.2 because this is a second dongle; in yours it will probably be /dev/cuaU0.2

The other file to create is /usr/local/etc/mpd5/mpd.script

Code:

dial-mtel:
	print "ATZ\r\n"
	match "ERROR" ModemError
	match "NO CARRIER" ModemError
	match "OK" NoEcho
	wait 5
	log "Modem not ready"
	failure

NoEcho:
	print "ATE0\r\n"
	match "OK" ModemQuery
	wait 5
	log "Modem not ready"
	failure

ModemQuery:
	print "AT+CGEQMIN=1,4,64,640,64,640\r\n"
	regex "[+]CRSM: .*\"(.*)\""
	wait 5
	log "Detected ICC (BCD): $matchedString1"
	match "OK"
	wait 5
	print "AT+CGEQREQ=1,4,64,640,64,640\r\n"
	wait 5
	print "AT+CRSM=176,28423,0,0,9\r\n"
	regex "[+]CRSM: .*\"(.*)\""
	wait 5
	log "Detected IMSI: $matchedString1"
	match "OK"
	wait 5
	print "AT+CSQ\r\n"
	regex "[+]CSQ: .*$"
	wait 5
	log "Detected $matchedString0"
	match "OK"
	wait 5

ModemInit:
	print "AT&D2&C1S0=0S7=60S30=0+CGDCONT=1,\"IP\",\"inet-gprs.mtel.bg\"\r\n"
	match "OK" DialOut
	match "ERROR" ModemError
	wait 5

ModemError:
	log "Modem error"
	failure

DialOut:
	log "Calling, waiting 60 seconds for connect…"
	print "ATDT*99#\r\n"
	match "CONNECT" Connected
	match "NO CARRIER" DialError
	match "BUSY" DialError
	wait 60
	log "Modem error"
	failure

DialError:
	log "Cannot connect"
	failure

Connected:
	log "Connected"
	success

Last step:

/usr/local/etc/rc.d/mpd5 start

For errors, check the log file in /var/log/mpd*

I hope this was useful. Thank you for your attention!